Customers utilizing computing resources, such as those provided by a remote resource provider, are able to set access policies associated with the computing resources. The access policies specify information identifying actions associated with the computing resources that users are allowed to perform. If the access policies are not specified as intended by the customer, user requests that the customer intended to be allowed may be denied and vice-versa. In addition, if customers are not provided with services to test their access control policies, the customer may provide more privileges to users than intended. Further, it may be cumbersome for the customer to attempt to remedy access control policies without remediation assistance or simulation environment for testing the access control policies.
Furthermore, some remote resource providers may establish intermediary services that may affect the computing resources of customers or makes changes to the computing resources. By way of example, an intermediary service may scale a customer's resources according to the demand on the resources, whereby the intermediary service may increase the computing resources allocated to the customer when the demand for existing resources increases and may reduce the computing resources when the demand decreases. With such complexity, appropriate and effective access control is difficult to achieve, requiring substantial work, knowledge and skill.